About

Shih-Fong Peng, aka Lays

Co-Founder and Researcher of TRAPA Security, NCTU SQLab alumni
Focusing on Vulnerability Research and Reverse Engineering.

  • Samsung Mobile Security Hall of Fame 2020
  • MSRC 2020 Most Valuable Security Researchers
  • MSRC 2019 Most Valuable Security Researchers

CTFs

I used to play CTF with HITCON and 217, we also organized HITCON CTF 2014~2021.

YearNameRankingTeam
2020DEF CON CTF 2020 Final3rdHITCON ⚔ Balsn
2019DEF CON CTF 2019 Final2ndHITCON x BFKinesiS
2018DEF CON CTF 2018 Final3rdHITCON
2017DEF CON CTF 2017 Final2ndHITCON
2016DEF CON CTF 2016 Final4thHITCON
2015DEF CON CTF 2015 Final4thHITCON
2019WCTF 20191st217
2017WCTF 20171stHITCON 217
2016WCTF 20163rdHITCON
2018Trend Micro CTF 2018 Final1st217
2020Flare-On Challenge 713th
2019Flare-On Challenge 612th
2018Flare-On Challenge 58th
2017Flare-On Challenge 48th

Security Advisories

CVEVendorVulnerability
CVE-2024-55917Trend MicroTrend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
CVE-2024-36304Trend MicroTrend Micro Apex One Security Agent Time-Of-Check Time-Of-Use Local Privilege Vulnerability
CVE-2024-36303Trend MicroTrend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
CVE-2023-6764ZyxelZyxel Firewall Pre-Authentication Format String Remote Code Execution Vulnerability
CVE-2023-6399ZyxelZyxel Firewall Post-Authentication Format String Remote Code Execution Vulnerability
CVE-2023-6398ZyxelZyxel Firewall Post-Authentication Command Injection Remote Code Execution Vulnerability
CVE-2023-6397ZyxelZyxel Firewall Remote Kernel DoS Vulnerability
CVE-2023-52093Trend MicroTrend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability
CVE-2023-35635MicrosoftWindows Kernel Denial of Service Vulnerability
CVE-2023-4398ZyxelZyxel Firewall Pre-Authentication DoS Vulnerability
CVE-2023-47201Trend MicroTrend Micro Apex One Security Agent Plug-in Manager Origin Validation Error Local Privilege Escalation Vulnerability
CVE-2023-47200Trend MicroTrend Micro Apex One Security Agent Plug-in Manager Origin Validation Error Local Privilege Escalation Vulnerability
CVE-2023-47198Trend MicroTrend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
CVE-2023-47197Trend MicroTrend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
CVE-2023-47196Trend MicroTrend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
CVE-2023-47195Trend MicroTrend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
CVE-2023-47194Trend MicroTrend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
CVE-2023-47193Trend MicroTrend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
CVE-2023-47192Trend MicroTrend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
CVE-2023-2910ASUSTORASUSTOR Data Master (ADM) Pre-Authentication Command Injection Remote Code Execution Vulnerability
CVE-2023-3697ASUSTORASUSTOR Data Master (ADM) Pre-Authentication Arbitrary File Creation Vulnerability
CVE-2023-3698ASUSTORASUSTOR Data Master (ADM) Pre-Authentication Arbitrary File Deletion Vulnerability
CVE-2023-34148Trend MicroTrend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability
CVE-2023-34147Trend MicroTrend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability
CVE-2023-34146Trend MicroTrend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability
CVE-2023-34145Trend MicroTrend Micro Apex One Security Agent Untrusted Search Path Local Privilege Escalation Vulnerability
CVE-2023-34144Trend MicroTrend Micro Apex One Security Agent Untrusted Search Path Local Privilege Escalation Vulnerability
CVE-2023-33012ZyxelZyxel Firewall Pre-Authentication Command Injection Remote Code Execution Vulnerability
CVE-2023-33011ZyxelZyxel Firewall Pre-Authentication Format String Remote Code Execution Vulnerability
CVE-2023-33010ZyxelZyxel Firewall Pre-Authentication Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-33009ZyxelZyxel Firewall Pre-Authentication Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-32555Trend MicroTrend Micro Apex One Security Agent Time-of-Check Time-of-Use LPE Vulnerability
CVE-2023-28771ZyxelZyxel Firewall Pre-Authentication Command Injection Remote Code Execution Vulnerability
CVE-2023-25146Trend MicroTrend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
CVE-2022-44653Trend MicroTrend Micro Apex One Security Agent Directory Traversal Local Privilege Escalation Vulnerability
CVE-2022-41747Trend MicroTrend Micro Apex One Security Agent Improper Certification Validation Local Privilege Escalation Vulnerability
CVE-2022-30700Trend MicroTrend Micro Apex One Incorrect Permission Assignment Privilege Escalation Vulnerability
CVE-2022-4920GoogleHeap buffer overflow in Blink in Google Chrome
CVE-2021-45441Trend MicroTrend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
CVE-2021-42011Trend MicroTrend Micro Apex One Incorrect Permission Assignment Privilege Escalation Vulnerability
CVE-2021-31937MicrosoftMicrosoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2021-28645Trend MicroTrend Micro Apex One Incorrect Permission Assignment Privilege Escalation Vulnerability
CVE-2021-25253Trend MicroTrend Micro Apex One Improper Access Control Privilege Escalation Vulnerability
CVE-2020-28940Western DigitalWestern Digital MyCloud PR4100 nasAdmin Authentication Bypass Vulnerability
CVE-2020-11600SamsungSVE-2019-16587, SVE-2019-16588, SVE-2019-16589: Arbitrary code execution in Fingerprint Trustlet
CVE-2020-1421MicrosoftLNK Remote Code Execution Vulnerability
CVE-2020-0729MicrosoftLNK Remote Code Execution Vulnerability
CVE-2019-1406MicrosoftJet Database Engine Remote Code Execution Vulnerability
CVE-2019-1280MicrosoftLNK Remote Code Execution Vulnerability
CVE-2019-1188MicrosoftLNK Remote Code Execution Vulnerability
CVE-2019-0974MicrosoftJet Database Engine Remote Code Execution Vulnerability
CVE-2017-18739NETGEARPre-Authentication Remote Code Execution
CVE-2017-16774SynologySynology DiskStation Manager XSS